On Wed, 28 Jul 2010 11:38:17 +0100 Ben Laurie <[email protected]> wrote: > On 28/07/2010 09:57, Peter Gutmann wrote: > > In any case though the whole thing is really a moot point given > > the sucking void that is revocation-handling, the Realtek > > certificate was revoked on the 16th but one of my spies has > > informed me that as of yesterday it was still regarded as valid > > by Windows. Previous experience with revoked certs has been that > > they remain valid more or less indefinitely (which would be > > really great if CAs offered something like domain-tasting for > > certs, you could get as many free certs as you wanted). > > Again, citing the failure to use revocation correctly right now > does not tell us anything much about the possibility of using it > correctly in the future.
The US Securities and Exchange Commission has long forced companies to state, when selling advisory services, that "past performance is no indicator of future performance". However, I think that's pretty much clearly untrue in most disciplines. Empirical reasoning is entirely about observing and drawing conclusions based on what we observe. Virtually all of modern science comes, in fact, from observing what happens in the real world and extrapolating from it. After a few decades of trying to get PKI to work, we have failed to do so. At some point, one has to have very firm justifications for the belief that these decades of experience should be dismissed as mere experimental error. In another message you say: > The core problem appears to be a lack of will to fix the problems, > not a lack of feasible technical solutions. I'm unsure whether you are correct here, but I will point out that any solution which can never be deployed *is*, in fact, infeasible, and that if human beings cannot be convinced to use a particular solution (which is one form of the "lack of will" problem), then we might as well dismiss that solution. Now, I've been saying "PKI can never be made to work" for something like the last fifteen years. I was on a panel with Steve Kent at a Usenix workshop long ago, where I expressed the opinion that PKI very poorly models the actual legal and de facto relationships between parties, and I think that experience has borne that out. We've watched the rise and fall of substantial companies dedicated to trying to get PKI sold into enterprises, and the best efforts that Certco and Entrust and the like made were not enough. There is also considerable evidence that many of the technologies PKI requires, like reliable revocation, cannot be made to work, and whether that is because of a "lack of will" or because of something deeper, the fact is that these techniques have failed in practice over the course not of months or years but of decades, and we cannot ignore that forever. It is not always the case that a dead technology has failed because of infeasibility or inapplicability. I'd say that a number of fine technologies have failed for other reasons. However, at some point, it becomes incumbent upon the proponents of a failed technology to either demonstrate that it can be made to work in a clear and convincing way, or to abandon it even if, on some level, they are certain that it could be made to work if only someone would do it. I think we are at or even past that point with PKI. The odor of putrefaction is unmistakable. -- Perry E. Metzger [email protected] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
